Ransomware Attack on Zimbabwe's Success Microfinance Bank by Meow
Incident Date: August 28, 2024
Overview
Victim: Success Microfinance Bank
Attacker: Meow
Location:
First Reported: August 28, 2024
Ransomware Attack on Success Microfinance Bank by Meow Group
Success Microfinance Bank, a key financial institution in Zimbabwe, has recently been targeted by the notorious ransomware group Meow. The attack has resulted in the compromise of 20 GB of sensitive data, with the attackers demanding a ransom of $6,000 for the decryption key.
About Success Microfinance Bank
Located in Harare, Zimbabwe, Success Microfinance Bank operates as a deposit-taking microfinance institution (DTMFI). Established in 2011 as Collarhedge Finance Private Limited, the bank transitioned to its current form in 2016 after receiving approval from the Reserve Bank of Zimbabwe. The bank focuses on providing financial services to micro, small, and medium enterprises (MSMEs), offering products such as loans, savings accounts, and digital banking services. With approximately 12 employees and an annual revenue of around $7.5 million, the bank plays a crucial role in promoting financial inclusion and economic growth in Zimbabwe.
Details of the Attack
The ransomware attack orchestrated by Meow has severely impacted Success Microfinance Bank's operations. The attackers have encrypted critical data, demanding a ransom for its release. The compromised data includes sensitive information vital to the bank's operations and client services. The attack highlights the vulnerabilities in the bank's cybersecurity infrastructure, which may have been exploited through methods such as phishing emails, exploit kits, or Remote Desktop Protocol (RDP) vulnerabilities.
About Meow Ransomware Group
Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and financial services. Meow employs various infection methods, including phishing emails and RDP vulnerabilities, to compromise systems. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group maintains a data leak site where they list victims who have not paid the ransom.
Potential Penetration Methods
Meow Ransomware could have penetrated Success Microfinance Bank's systems through several vectors. Common methods include phishing emails that trick employees into downloading malicious attachments, exploiting vulnerabilities in outdated software, or leveraging weak RDP credentials. The bank's focus on digital banking and its recent partnership with FinOS for core banking solutions may have introduced new vulnerabilities that were exploited by the attackers.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.